FEATURE STORY
Insights into the latest wireless
LAN security issues
War Drive of Atlanta, Chicago & San Francisco:
57 % of Enterprise Wireless LANs Not Encrypted
Despite screaming headlines of major
security risks, many enterprises are still incredibly vulnerable
to rogue wireless LANs and insecure WLAN access points.
More than half of all access points still do not encrypt their traffic
and 9 percent of all access points were determined to be unauthorized
"rogues," according to a recent study of wireless LANs in the business
districts of Atlanta, Chicago and San Francisco.
Last month, AirDefense engineers conducted a war drive in the three
cities. The results indicate that many enterprises are at risk of
unsanctioned access points and are ignoring the need for the most
basic form of security - encryption.

Compiled Stats of Atlanta, Chicago & San Francisco

| Statistic | Count |
|---|---|
| Total Access Points Detected | 1,136 |
| Access Points without Encryption | 650 (57%) |
| Rogue APs (100% default settings) | 104 (9%) |
| Access Points Broadcasting SSID | 876 (77%) |
| Consumer-Grade Access Points | 331 (29%) |
| Ad Hoc Networks | 45 (32 unencrypted) |

The surveys were conducted by
driving the streets around office buildings. For Atlanta, the war
drive was conducted on a 10-mile stretch of Peachtree Street from
Buckhead to downtown. The Chicago and San Francisco war drives were
conducted in the downtown areas and financial districts of both
cities.
Of the 1,136 access points detected in the three cities, 650 - 57
percent - did not utilize any form of encryption, such as WEP, WPA,
LEAP, PEAP or other proprietary solutions. AirDefense determined
that 104 access points - 9 percent of the total - were rogue access
points because they were in complete default settings for their
SSID, channel, IP addressing and broadcasting of their SSIDs.
The war drive DID NOT check these access points for default passwords.
In fact, the engineers conducting the war drive made special effort
to make sure that they never connected to any of the wireless LANs
that were detected.
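
The default-settings test described above, applied to passive survey records from an audit of your own site, as an added example (not AirDefense's tooling). The vendor default table, the `Observation` fields and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed factory defaults for the consumer-grade vendors the article names;
# illustrative values, confirm against vendor documentation before relying on them.
FACTORY_DEFAULTS = {
    "Linksys": {"ssid": "linksys", "channel": 6, "subnet": "192.168.1.0/24"},
    "D-Link": {"ssid": "default", "channel": 6, "subnet": "192.168.0.0/24"},
    "Netgear": {"ssid": "NETGEAR", "channel": 11, "subnet": "192.168.0.0/24"},
}

@dataclass
class Observation:
    bssid: str
    vendor: str
    ssid: str               # empty string when the SSID is not broadcast
    channel: int
    encrypted: bool
    seen_ip: Optional[str]  # address seen in cleartext frames, never by associating

def is_default_config(ap: Observation) -> bool:
    """True only if SSID, channel, IP addressing and SSID broadcast are all default."""
    d = FACTORY_DEFAULTS.get(ap.vendor)
    if d is None or not ap.ssid or ap.seen_ip is None:
        return False
    return (ap.ssid == d["ssid"] and ap.channel == d["channel"]
            and ip_address(ap.seen_ip) in ip_network(d["subnet"]))

def summarize(aps):
    """Return {metric: (count, percent of all APs)}, as in the compiled stats table."""
    if not aps:
        return {}
    counts = {
        "unencrypted": sum(not a.encrypted for a in aps),
        "broadcasting_ssid": sum(bool(a.ssid) for a in aps),
        "consumer_grade": sum(a.vendor in FACTORY_DEFAULTS for a in aps),
        "default_config": sum(is_default_config(a) for a in aps),
    }
    return {k: (n, round(100 * n / len(aps))) for k, n in counts.items()}

# Constructed sample records (documentation-range MAC addresses).
SURVEY = [
    Observation("00:00:5e:00:53:01", "Linksys", "linksys", 6, False, "192.168.1.100"),
    Observation("00:00:5e:00:53:02", "Linksys", "acct-floor3", 6, True, None),
    Observation("00:00:5e:00:53:03", "Cisco", "", 1, True, None),
    Observation("00:00:5e:00:53:04", "D-Link", "default", 6, False, "10.1.4.20"),
    Observation("00:00:5e:00:53:05", "Netgear", "NETGEAR", 11, False, "192.168.0.7"),
]
```

The fourth record keeps a default SSID and channel but sits on a non-default subnet, so it is counted as consumer-grade and unencrypted without meeting the all-defaults test.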

War Drive Stats for Each City

| Statistic | Atlanta | Chicago | San Francisco |
|---|---|---|---|
| Total Access Points | 444 | 235 | 457 |
| Access Points without Encryption | 277 | 135 | 238 |
| Rogue APs (100% default settings) | 36 | 25 | 43 |
| Access Points Broadcasting SSID | 393 | 158 | 328 |
| Consumer-Grade Access Points | 169 | 39 | 123 |
| Percentage of Total Traffic Encrypted | 8% | 78% | 91% |
| Unencrypted Ad Hoc Networks | 3 | 8 | 21 |

The total number of rogue wireless
LANs could potentially be much higher than the reported 9 percent;
331 access points - 29 percent - were determined to be consumer-grade
products from vendors, such as Linksys, D-Link and Netgear. Larger
enterprises are not likely to deploy access points from these vendors.
Insecure ad hoc networks were another issue identified in the survey
across the three cities. The war drive identified 45 of these peer-to-peer
networks; 32 of the ad hoc networks were not encrypted.
While the majority of access points in each city did not use encryption,
the actual traffic observed varied from city to city. It seems as
if the most active enterprise wireless LANs in San Francisco and
Chicago did use some form of encryption. Of the total traffic observed
in San Francisco, 91 percent was encrypted. In Chicago, 78 percent
of the observed traffic was encrypted. However, the war drive in
Atlanta showed that only 8 percent of the total traffic was encrypted.